Mercurial > hg > AnnotationManager
view src/de/mpiwg/itgroup/annotationManager/restlet/RestServer.java @ 1:f2f41d0dedf5
minimal changes
| author | dwinter |
|---|---|
| date | Wed, 23 Nov 2011 15:26:33 +0100 |
| parents | 77530be3c747 |
| children | 6888ae3287b8 |
line wrap: on
line source
package de.mpiwg.itgroup.annotationManager.restlet; import java.net.URI; import java.net.URISyntaxException; import java.util.Hashtable; import javax.naming.NamingEnumeration; import javax.naming.NamingException; import javax.naming.directory.Attribute; import javax.naming.directory.DirContext; import javax.naming.directory.InitialDirContext; import javax.naming.directory.SearchControls; import javax.naming.directory.SearchResult; import javax.security.auth.Subject; import javax.security.auth.callback.Callback; import javax.security.auth.callback.CallbackHandler; import javax.security.auth.callback.NameCallback; import javax.security.auth.callback.PasswordCallback; import javax.security.auth.login.AppConfigurationEntry; import javax.security.auth.login.Configuration; import javax.security.auth.login.LoginContext; import javax.security.auth.login.LoginException; import org.apache.log4j.BasicConfigurator; import org.apache.log4j.Level; import org.apache.log4j.Logger; import org.restlet.Application; import org.restlet.Context; import org.restlet.Request; import org.restlet.Response; import org.restlet.Restlet; import org.restlet.data.ChallengeScheme; import org.restlet.data.ClientInfo; import org.restlet.ext.jaas.JaasVerifier; import org.restlet.routing.Router; import org.restlet.routing.Template; import org.restlet.routing.TemplateRoute; import org.restlet.security.ChallengeAuthenticator; import org.restlet.security.MapVerifier; import org.restlet.security.User; import org.restlet.security.Verifier; import com.sun.org.apache.xalan.internal.xsltc.runtime.Attributes; import com.sun.security.auth.login.ConfigFile; public class RestServer extends Application { private ChallengeAuthenticator authenticator; private CallbackHandler callbackHandler; /** Erzeuge einen Authenticator * @return */ private ChallengeAuthenticator createAuthenticator() { Context context = getContext(); boolean optional = true; ChallengeScheme challengeScheme = ChallengeScheme.HTTP_BASIC; String realm = "Annotation Service"; // MapVerifier isn't very secure; see docs for alternatives //MapVerifier verifier = new MapVerifier(); //verifier.getLocalSecrets().put("user", "password".toCharArray()); JaasVerifier verifier = new JaasVerifier("BasicJaasAuthenticationApplication"); Configuration jaasConfig; jaasConfig = createConfiguration(); verifier.setConfiguration(jaasConfig); verifier.setUserPrincipalClassName("com.sun.security.auth.UserPrincipal"); ChallengeAuthenticator auth = new ChallengeAuthenticator(context, optional, challengeScheme, realm, verifier) { @Override protected boolean authenticate(Request request, Response response) { if (request.getChallengeResponse() == null) { return false; } else { return super.authenticate(request, response); } } }; return auth; } protected Configuration createConfiguration() { Configuration jaasConfig; URI confUri; try { confUri = new URI("file:///etc/jaasAuth.conf"); //TODO shoould be configurable } catch (URISyntaxException e) { e.printStackTrace(); confUri = null; } jaasConfig= new ConfigFile(confUri); return jaasConfig; } public RestServer(Context parentContext){ super(parentContext); Logger rl = Logger.getRootLogger(); BasicConfigurator.configure(); rl.setLevel(Level.DEBUG); } public synchronized Restlet createInboundRoot(){ this.authenticator = createAuthenticator(); Router router = new Router(getContext()); router.attach("/annotations",AddAndSearchAnnotations.class); router.attach("/search",AddAndSearchAnnotations.class); // annotator api askes for different uris for search and adding router.attach("/dummy",Dummy.class); authenticator.setNext(router); return authenticator; } public boolean authenticate(Request request, Response response) { if (!request.getClientInfo().isAuthenticated()) { authenticator.challenge(response, false); return false; } if(request.getClientInfo().getUser()==null) //FIXME sometimes ist authenticated true, but no user { authenticator.challenge(response, false); return false; } return true; } public boolean authenticate(String username, String password,Request request) { LoginContext lc; try { Configuration conf = createConfiguration(); lc = new LoginContext("BasicJaasAuthenticationApplication", null, new MyCallBackHandler(username,password),conf); lc.login(); } catch (LoginException e) { // TODO Auto-generated catch block e.printStackTrace(); return false; } Subject subject = lc.getSubject(); ClientInfo clientInfo = new ClientInfo(); User user = new User(username); clientInfo.setAuthenticated(true); clientInfo.setUser(user); request.setClientInfo(clientInfo); return true; } public String getUserNameFromLdap(String creator) { String retString=creator; // falls nichts gefunden wird einfach den creator zurueckgeben Hashtable<String,String> env = new Hashtable<String,String>(); String sp = "com.sun.jndi.ldap.LdapCtxFactory"; env.put(javax.naming.Context.INITIAL_CONTEXT_FACTORY, sp); String ldapUrl = "ldap://ldapreplik.mpiwg-berlin.mpg.de/dc=mpiwg-berlin,dc=mpg,dc=de";//TODO should go into config file env.put(javax.naming.Context.PROVIDER_URL, ldapUrl); DirContext dctx; try { dctx = new InitialDirContext(env); } catch (NamingException e1) { // TODO Auto-generated catch block e1.printStackTrace(); return retString; } String base = "ou=People"; SearchControls sc = new SearchControls(); String[] attributeFilter = { "cn", "mail" }; sc.setReturningAttributes(attributeFilter); sc.setSearchScope(SearchControls.SUBTREE_SCOPE); String filter = "(uid="+creator+")"; try { NamingEnumeration<SearchResult> results = dctx.search(base, filter, sc); while (results.hasMore()) { SearchResult sr = (SearchResult) results.next(); javax.naming.directory.Attributes attrs = sr.getAttributes(); Attribute attr = attrs.get("cn"); retString=(String) attr.get(); } } catch (NamingException e) { // TODO Auto-generated catch block e.printStackTrace(); } try { dctx.close(); } catch (NamingException e) { // TODO Auto-generated catch block e.printStackTrace(); } return retString; } }